hints processing for Accounting-On / Off packets?

Stefan Winter stefan.winter at restena.lu
Tue Feb 21 10:35:28 CET 2006

> > That's not how I read the comments in hints:
> >
> > #       The hints file.   This file is used to match
> > #       a request, and then add attributes to it.
> >
> > There's some mention of some special rules "Prefix" and "Suffix", and
> > _these_ can only work on the User-Name. Anything else should be doable
> > anyway.
> That's definitely what that file does. The "hints" the filename refer to
> are hints that the USER submits in their authentication request, by

Well, I am probably not long enough in the RADIUS business to remember the 
historical reasons for the hints file. For me, hints is the only means to 
manipulate input avp items in a packet. And a very flexible solution too, 
since it does "users" style mangling. And the comments in the file don't say 
"but whatever you put in here will be ignored if there is no attribute 
User-Name in the request".

> prefixing, suffixing or otherwise formatting their username (the only
> value the user has total, sensible control over). It's an old method
> that the ancestors of FreeRadius used extensively. The examples in the
> default hints file make it pretty clear how it was originally intended
> to be used.

Yeah, but what if I want to go beyond the examples? This file is so flexible, 
it would be a shame to arbitrarily limit it by requiring User-Name to be 

> Certainly that's not what hints used to do. It may make sense to update
> the function of hints, since it is indeed a wonderfully flexible and
> easy way to alter / add to the incoming request. But it's definitely not
> a "bug" per se.

Fine for me, let's call it a feature request.

> The patch looks relatively trivial. Simply delete the check for null
> usernames. In *fact*, I don't think the left hand side of the "users"
> entries in that file is used at all.

I just submitted bug #335
with the (really trivial) patch to the bug database. Actually, it will make 
packet processing in the server faster: almost all packets have User-Name 
anyway, so for each of these packets, the if condition checking is saved. And 
only for those packets without, Accounting-On/Off, processing time will get 
slightly larger by running through hints (but given he seldom these packets 
usually come, this is negligible).


Stefan Winter


RESTENA Foundation - Réseau Téléinformatique de l'Education Nationale et de 
la Recherche
R&D Engineer

6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
email: stefan.winter at restena.lu     Tel.:     +352 424409-1
http://www.restena.lu               Fax:      +352 422473

More information about the Freeradius-Users mailing list